Bitcoin online bank robbery - "because that's where the money is"


Dec 3, 2013 (3 years and 6 months ago)


This article copied from: http://nakedsecurity.sophos.com/2013/11/26/bitcoin-online-bank-robbery-because-thats-where-the-money-is/

Bitcoin online bank robbery - "because that's where the money is"

by Paul Ducklin on November 26, 2013


FILED UNDER: Cryptography, Data loss, Featured

If you've got your wallet handy, take out a banknote - pretty much any banknote will do, in any currency - and find the serial number.

You shouldn't have much difficulty - most central banks consider the serial number important enough that they print it more than once, sometimes in different colours and orientations.

Now write the serial number down on a piece of paper.

Chances are, for most of you, that'll be the first time you've ever done anything that actively involves a banknote serial number. (There was no point in asking you to write it down, other than to make that point.)

For some of you, perhaps, it may even be the first time you've noticed that each banknote is uniquely labelled.

But I bet you one thing: if real banknotes didn't exist, and all you had was a list of serial numbers like the one you just copied down, you'd look after that list pretty carefully.

You certainly wouldn't hand the list to a stranger on the street and say, "Be a good chap, won't you, and keep this in your pocket until I see you next week," any more than you'd hand him your wallet full of cash to store for you.

But Bitcoins - the unregulated digital currency that has been hugely in the news lately, both for its soaring street value and its usefulness in paying the CryptoLocker malware ransom - are, very loosely speaking, stored and traded like our imaginary list of banknote serial numbers.

There are no official Bitcoin banknotes or coins; just strings of digital data that act as cryptographic serial numbers, denoting which Bitcoins (or fractional parts of Bitcoins) are yours.


So, if you're into Bitcoins, you want to watch that digital Bitcoin wallet of yours pretty closely, especially given the
steepling surge in the cryptocurrency's value in the past month.

→ Even the crooks behind CryptoLocker, who seem to have found that $300 is the sort of price point at which victims will pay up, while, say, $2000 is too high, have been forced to drop the Bitcoin cost of their extortion. What cost BTC 2 a month ago is "only" BTC 0.5 now.

Nevertheless, many Bitcoiners seem to be big on risk, entrusting their precious Bitcoin assets to a wide range of online wallet services, where they are firmly in the sights of cybercrooks.

Bad luck if it all goes wrong, of course, because you're not likely to get your money back.

Without any financial operators' rules or consumer protection laws to help you out, things don't end like they usually do with disputed credit card transactions. (In those, the bank takes the disputed amount back from the merchant and gives it to you. The merchant wears the loss.)

Sadly, a number of boutique Bitcoin merchants and wallet services have been cleaned out by hackers in the past
month, including:


Australia-based Inputs.io.

China-based GBL.

Denmark-based BIPS.

Each of these companies had been operating officially for only a few months, yet already had entrusted to them millions of dollars that are now in the hands of cybercrooks.

Just over a year ago, we wrote about the regrettable story of a youngster named Roman Shtylman, whose security lapse during a server upgrade led to unencrypted backups being stolen, costing his sideline Bitcoin business some $250,000 overnight.

That was back when Bitcoins were worth just over $10 each, compared to nearly $800 today.

So, you can see why hackers are more than merely interested in online Bitcoin repositories - and why you need more than just a hunch about a repository's trustworthiness before you hand over your Bitcoin data.

Remember, you don't have to keep your Bitcoins online with someone else: you can store your Bitcoins yourself, encrypted and offline.

In fact, you can do that with any and all of your digital possessions.

There was life before cloud storage, and there will be life after it!